Content of ping command according to Wireshark

Hello everybody,

today I want to share few words about usage of Wireshark and what it discovers about ping.

As usually everyboydy who want to check does he have internet connection tries to enter command prompt and ping some web site. If ping is successful then person believes he has internet connection. If ping is not successful, it means that internet connection is somehow invalid. 

But have you ever wondered what ping sends?

Wireshark will help to get an answer!

First step will be to open Wireshark, and type there in line for filters ICMP ( which stands for internet control messaging protocol )

Second step will be to generate some kind of ping trafic. You can open command prompt and type there following:

ping zaletskyy.com

Ping command will give you following output at the screen:

Reply from 195.234.4.40: bytes=32 time=5ms TTL=122
Reply from 195.234.4.40: bytes=32 time=4ms TTL=122
Reply from 195.234.4.40: bytes=32 time=3ms TTL=122
Reply from 195.234.4.40: bytes=32 time=3ms TTL=122.

From this message you realize that ping sent 32 bytes. But what kind of bytes?

Navigate to your wireshark app, and find something that has as destination 195.234.4.40. Below goes screenshot of what I found:

If you follow with your mouse steps in red (1, 2, 3, 4)

you will see that ping sends abcdefghijklmn opqrstuvwabcdefg hi letters, which stands for 32 bytes.

Now lets go and read DNS Query information:

it says the following:

  1. Name you were looking for is www.zaletskyy.com
  2. (Type: A) stands It is regular A host address
  3. (Class: IN) means it is class of internet

Next part that we can also analyze is DNS query response. Below goes screenshot at description of response:

At this picture you can see that IP address of zaletskyy.com is 195.234.4.40.

No Comments

Add a Comment